CVE-2026-28407

Medium CVSS: 6.9

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.

Vendor

Chainguard

Product

Malcontent

CWE

CWE-703

Yayın Tarihi

2026-02-27 22:16:23

Güncelleme

2026-03-03 18:23:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-703 Malcontent MEDIUM Chainguard 2026

Referanslar

https://github.com/chainguard-dev/malcontent/commit/356c56659ccfcad0b249a97de8cf71f151ed3ee9 https://github.com/chainguard-dev/malcontent/pull/1383 https://github.com/chainguard-dev/malcontent/security/advisories/GHSA-945p-3jhm-6rcp

Benzer Kayıtlar

Medium

CVE-2026-29049

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cach…

High

CVE-2026-28406

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in vers…

High

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacke…

Medium

CVE-2026-25145

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacke…

High

CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker…

High

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker…